Secure Your WordPress Site, Lock Stock and Barrel

If you purchase through a link on our site, we may earn a commission. Learn more.

There is no point in having an array of locks at your disposal, if you do not use them, or don’t know how to use them to safeguard your property. In the case of information, especially your private information, a heavy duty lock is what you need at all times. To protect, in this case, a repository of valuable information, it is important to have a good lock and ensure that it is fixed strongly to the door.
Table of Contents

There is no point in having an array of locks at your disposal, if you do not use them, or don’t know how to use them to safeguard your property. In the case of information, especially your private information, a heavy duty lock is what you need at all times. To protect, in this case, a repository of valuable information, it is important to have a good lock and ensure that it is fixed strongly to the door. Likewise, a website is only as strong as the password and login page. And that is in your hands, to a large extent.

To help protect your website, there are two basic requirements: (i) safeguard your password; and (ii) secure the login screen. There are a plethora of plugins that are helpful in this endeavour. Login LockDown is one such plugin; it blocks users who attempt to guess the password to your website. Another such app is the Google Authenticator which reduces the chance of a security breach even further. The most common method of ensuring the safety of the login screen is with the use of Captcha.

Login LockDown

Login Lockdown registers every failed login attempt and the corresponding IP address. After three attempts, it blocks all further login attempts from said IP for an hour. These are the default settings, and the time and number of attempts may be altered to suit your specific requirements. It is a good tool in preventing unauthorised access by someone close to you, who may be able to guess the password.

1 2

While this plugin is ideal for securing the safety of your WordPress site, it is not advisable for people who tend to forget passwords. After you login successfully, you can unblock the blocked IPs from the Dashboard.

With this plugin, you can easily find out the IP address that launched the unsuccessful login attempts on your site; and possibly even trace the IP address to the source. But the user must beware: the plugin may malfunction if other plugins interfere with its working.

You can download the plugin here 

Google Authenticator

For smartphone savvy people, who require seamless connectivity to their WordPress sites the Google Authenticator is the ideal plugin for additional safety.  Once you setup the plugin, you need to install the Google Authenticator app which is available for smartphones such as Android, Blackberry and iOS-based devices. The app works in conjunction with the plugin to make your login process much more secure.

3 4

Normally, passwords can be cracked by means of brute force attack. If you use Google Authenticator then it renders the possibility of password compromise moot. When a person breaks into your account with the password, the screen asks for the Google Authenticator password. This password is available only to you provided you have the app installed on your smartphone.

Even if a hacker figures out your username and password, it will be nearly impossible to determine the unique code provided by the Google Authenticator as you will be the only person who has access to the code. Not only that, the code is time-bound and expires in a short interval of time. That’s why it is nearly impossible to access a WordPress website that has been adequately protected by plugins such Google Authenticator.

One disadvantage of the Google Authenticator is that it necessitates the use of a smartphone in conjunction with a computer system. It cannot be used independently.

You can download the plugin here

Captcha

Captcha is one the most simple and most effective ways to improve the security of a site. More than one plugin on WordPress uses Captcha to protect the site from spam and bot attacks. The use of Captcha eliminates the possibility of brute force attack, in the process greatly decreasing the likelihood of falling to cyber-attacks.

Different types of Captcha

Normal Captcha is available in WordPress, this plugin can be applied to the login page, reset password screen and comment forms.

You can find it here

5

There are also other types including SI Captcha that specialises in prevention of spamming by automated bots, Sweet Captcha that adds colour to your site. There is an Invisible Captcha plugin that prioritizes the protection of comments from spam. For users who require puzzle and intrigue in their Captcha, there is Enmask Captcha.

6 7

Finally, just remember…

Plugins may well save the day for you, but there is no substitute for a strong password that comprises of dual case characters, numbers and special characters in no specific order.  Should your site ever get compromised, the first course of action is to use the ”forgot password” option, login with the new password and change it immediately.

Be prepared! Be safe!

If you enjoyed this post, make sure to subscribe to WP Mayor’s RSS feed.

Alyona Galea

Alyona is a WordPress enthusiast, focused on sharing interesting things she comes across during her work with this great CMS. She loves exploring new destinations and maintains a travel blog at www.alyonatravels.com

Discover more from our archives ↓

Popular articles ↓

One Response

  1. I’m using SI Captcha. It saved me a lot from bruteforce attack. But these peoples keep coming again and again even if they’re in the blocked list.

Share Your Thoughts

Your email address will not be published. Required fields are marked *

Claim Your Free Website Tip 👇

Leave your name, email and website URL below to receive one actionable improvement tip tailored for your website within the next 24 hours.

"They identified areas for improvement that we had not previously considered." - Elliot

By providing your information, you'll also be subscribing to our weekly newsletter packed with exclusive content and insights. You can unsubscribe at any time with just one click.